General
- Target: cdcd49e4409d35f386f9f394a3616cb99b2ea277b5444.exe
- Size: 525KB
- Sample: 230703-fe9htsga4x
- MD5: 8f3af9350e139bd72c0e74d44cdfd01b
- SHA1: def07fc2bb4d1e74e3b1b0b387398c6308dbed3d
- SHA256: cdcd49e4409d35f386f9f394a3616cb99b2ea277b544479e1f3f9ef2004df887
- SHA512: 8c5ae5e0e0496db26762dc58e5d504eea66e244bc9e5aa2cc157e00799781ccb143e64ff08e1c928671994c244d261c1c5a276ba5d2b7c720e909bbc56f63b5b
- SSDEEP: 12288:dYlEqQ2PBsDY6jh7bR5Mxg0XtQpAu+pac:dYlEK817bR5+IMac
Static task
- static1
Behavioral task
- behavioral1: sample cdcd49e4409d35f386f9f394a3616cb99b2ea277b5444.exe, resource win7-20230621-en
Behavioral task
- behavioral2: sample cdcd49e4409d35f386f9f394a3616cb99b2ea277b5444.exe, resource win10v2004-20230621-en
Malware Config
Extracted: redline
- andre
- 77.91.124.49:19073
- auth_value: 8e5522dc6bdb7e288797bc46c2687b12
Extracted: amadey
- 3.84
- 77.91.68.63/doma/net/index.php
Targets
- Target: cdcd49e4409d35f386f9f394a3616cb99b2ea277b5444.exe
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.